Unchecked Buffer in Data Access Components New
A security vulnerability exists in the Microsoft Data Access Components (MDAC) which could allow an attacker to run code of their choice on a SQL Server by exploiting a buffer overrun.
Issue
The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.
An attacker who submitted a database query containing a specially malformed parameter within a call to OpenRowSet could overrun the buffer, either for the purpose of causing the SQL Server to fail or causing the SQL Server service to take actions dictated by the attacker.
Affected Products
- Microsoft Data Access Components 2.5
- Microsoft Data Access Components 2.6
- Microsoft Data Access Components 2.7
Download
Software patches are available from the following locations:
- Microsoft Data Access Components 2.5
- Microsoft Data Access Components 2.6
- Microsoft Data Access Components 2.7
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: July 31, 2002
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
 |
 |
|
More Guides » | Registry Guide | Support Forums | Software Guide | Scripting Guide | Search |  | |
